Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/aim@2.1.1
Typepypi
Namespace
Nameaim
Version2.1.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.0.0.dev6
Latest_non_vulnerable_version4.0.0.dev6
Affected_by_vulnerabilities
0
url VCID-43ch-vxyt-kbfv
vulnerability_id VCID-43ch-vxyt-kbfv
summary A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting in the sshfs-client causes the server to hang for a significant amount of time, preventing it from responding to other requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12777
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.44039
published_at 2026-06-11T12:55:00Z
1
value 0.00214
scoring_system epss
scoring_elements 0.44192
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12777
1
reference_url https://github.com/aimhubio/aim/blob/d4ad66ac87606b1f377d3e685e861abb2eef6c45/aim/ext/sshfs/utils.py#L151-L154
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/blob/d4ad66ac87606b1f377d3e685e861abb2eef6c45/aim/ext/sshfs/utils.py#L151-L154
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12777
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12777
3
reference_url https://huntr.com/bounties/cdf8db79-c290-4fe5-9383-4c518bfba4a8
reference_id cdf8db79-c290-4fe5-9383-4c518bfba4a8
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T13:30:15Z/
url https://huntr.com/bounties/cdf8db79-c290-4fe5-9383-4c518bfba4a8
4
reference_url https://github.com/advisories/GHSA-v5pj-jrpv-h6g2
reference_id GHSA-v5pj-jrpv-h6g2
reference_type
scores
url https://github.com/advisories/GHSA-v5pj-jrpv-h6g2
fixed_packages
0
url pkg:pypi/aim@3.25.1
purl pkg:pypi/aim@3.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48xs-6auv-93b7
1
vulnerability VCID-nh25-j9ac-p7gw
2
vulnerability VCID-rqgm-8gsj-qbeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.25.1
aliases CVE-2024-12777, GHSA-v5pj-jrpv-h6g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43ch-vxyt-kbfv
1
url VCID-48xs-6auv-93b7
vulnerability_id VCID-48xs-6auv-93b7
summary A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-5321
reference_id
reference_type
scores
0
value 0.00376
scoring_system epss
scoring_elements 0.59683
published_at 2026-06-12T12:55:00Z
1
value 0.00376
scoring_system epss
scoring_elements 0.59574
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-5321
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-5321
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-5321
2
reference_url https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c
reference_id 1fc4747a0ac77a1edc8c32e1d4edc54c
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value LOW
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T15:16:32Z/
url https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c
3
reference_url https://vuldb.com/?ctiid.310492
reference_id ?ctiid.310492
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value LOW
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T15:16:32Z/
url https://vuldb.com/?ctiid.310492
4
reference_url https://github.com/advisories/GHSA-gp5h-f9c5-8355
reference_id GHSA-gp5h-f9c5-8355
reference_type
scores
url https://github.com/advisories/GHSA-gp5h-f9c5-8355
5
reference_url https://vuldb.com/?id.310492
reference_id ?id.310492
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value LOW
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T15:16:32Z/
url https://vuldb.com/?id.310492
6
reference_url https://vuldb.com/?submit.580253
reference_id ?submit.580253
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value LOW
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T15:16:32Z/
url https://vuldb.com/?submit.580253
fixed_packages
0
url pkg:pypi/aim@3.30.0.dev20250508
purl pkg:pypi/aim@3.30.0.dev20250508
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rqgm-8gsj-qbeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.30.0.dev20250508
aliases CVE-2025-5321, GHSA-gp5h-f9c5-8355
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48xs-6auv-93b7
2
url VCID-58xu-5k13-7bgt
vulnerability_id VCID-58xu-5k13-7bgt
summary A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass directory existence checks and extract files to unintended locations, potentially overwriting critical files. This can lead to arbitrary data being written to arbitrary locations on the remote tracking server, which could be used for further attacks such as writing a new SSH key to the target server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6829
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34806
published_at 2026-06-12T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34628
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6829
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6829
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6829
2
reference_url https://huntr.com/bounties/7c97065c-1b63-4982-82c1-8038be0ed570
reference_id 7c97065c-1b63-4982-82c1-8038be0ed570
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:36Z/
url https://huntr.com/bounties/7c97065c-1b63-4982-82c1-8038be0ed570
3
reference_url https://github.com/advisories/GHSA-75px-35p4-qq6h
reference_id GHSA-75px-35p4-qq6h
reference_type
scores
url https://github.com/advisories/GHSA-75px-35p4-qq6h
fixed_packages
0
url pkg:pypi/aim@3.20.1
purl pkg:pypi/aim@3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-6v19-9ygv-7bfp
3
vulnerability VCID-awv7-mwx7-1kbh
4
vulnerability VCID-e4mr-cym9-qqak
5
vulnerability VCID-hbef-95hu-5bax
6
vulnerability VCID-jwp5-9u8a-3khc
7
vulnerability VCID-nh25-j9ac-p7gw
8
vulnerability VCID-pyzv-9qst-eucm
9
vulnerability VCID-qpcq-ejns-2ubs
10
vulnerability VCID-rqgm-8gsj-qbeg
11
vulnerability VCID-ub49-c2sj-qydy
12
vulnerability VCID-x38g-62wc-p3gf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.20.1
aliases CVE-2024-6829, GHSA-75px-35p4-qq6h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58xu-5k13-7bgt
3
url VCID-6v19-9ygv-7bfp
vulnerability_id VCID-6v19-9ygv-7bfp
summary In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to communicate with external resources, specifically in the `_run_read_instructions` method and similar calls without timeouts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8061
reference_id
reference_type
scores
0
value 0.00471
scoring_system epss
scoring_elements 0.65173
published_at 2026-06-12T12:55:00Z
1
value 0.00471
scoring_system epss
scoring_elements 0.65072
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8061
1
reference_url https://github.com/aimhubio/aim/blob/a6c6f2fee0f1abe37c1d66701b0329fb6af31a3d/aim/ext/transport/client.py#L258
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/blob/a6c6f2fee0f1abe37c1d66701b0329fb6af31a3d/aim/ext/transport/client.py#L258
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8061
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8061
3
reference_url https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
reference_id c85d005c-b354-4c51-a88f-adda2f09622b
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:52:15Z/
url https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
4
reference_url https://github.com/advisories/GHSA-6w7p-xrvp-p7xv
reference_id GHSA-6w7p-xrvp-p7xv
reference_type
scores
url https://github.com/advisories/GHSA-6w7p-xrvp-p7xv
fixed_packages
0
url pkg:pypi/aim@3.24.0
purl pkg:pypi/aim@3.24.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-e4mr-cym9-qqak
3
vulnerability VCID-hbef-95hu-5bax
4
vulnerability VCID-nh25-j9ac-p7gw
5
vulnerability VCID-qpcq-ejns-2ubs
6
vulnerability VCID-rqgm-8gsj-qbeg
7
vulnerability VCID-x38g-62wc-p3gf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.24.0
aliases CVE-2024-8061, GHSA-6w7p-xrvp-p7xv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6v19-9ygv-7bfp
4
url VCID-c53e-ajc2-b7as
vulnerability_id VCID-c53e-ajc2-b7as
summary A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6227
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50895
published_at 2026-06-11T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.51027
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6227
1
reference_url https://github.com/aimhubio/aim/blob/2e7b8aff8dcba9ddd5043dfec88cf2319ba8a87c/aim/sdk/repo.py#L195
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/blob/2e7b8aff8dcba9ddd5043dfec88cf2319ba8a87c/aim/sdk/repo.py#L195
2
reference_url https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a
reference_id abcea7c6-bb3b-45e9-aa15-9eb6b224451a
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T19:51:23Z/
url https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6227
reference_id CVE-2024-6227
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6227
4
reference_url https://github.com/advisories/GHSA-36h2-g4c8-9xcm
reference_id GHSA-36h2-g4c8-9xcm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36h2-g4c8-9xcm
fixed_packages
0
url pkg:pypi/aim@3.20.1
purl pkg:pypi/aim@3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-6v19-9ygv-7bfp
3
vulnerability VCID-awv7-mwx7-1kbh
4
vulnerability VCID-e4mr-cym9-qqak
5
vulnerability VCID-hbef-95hu-5bax
6
vulnerability VCID-jwp5-9u8a-3khc
7
vulnerability VCID-nh25-j9ac-p7gw
8
vulnerability VCID-pyzv-9qst-eucm
9
vulnerability VCID-qpcq-ejns-2ubs
10
vulnerability VCID-rqgm-8gsj-qbeg
11
vulnerability VCID-ub49-c2sj-qydy
12
vulnerability VCID-x38g-62wc-p3gf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.20.1
aliases CVE-2024-6227, GHSA-36h2-g4c8-9xcm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c53e-ajc2-b7as
5
url VCID-e4mr-cym9-qqak
vulnerability_id VCID-e4mr-cym9-qqak
summary In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0189
reference_id
reference_type
scores
0
value 0.00578
scoring_system epss
scoring_elements 0.6941
published_at 2026-06-12T12:55:00Z
1
value 0.00578
scoring_system epss
scoring_elements 0.69319
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0189
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0189
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0189
2
reference_url https://huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e
reference_id e4c9bf41-72cf-4d04-baaf-8f12b5b7926e
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:24Z/
url https://huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e
3
reference_url https://github.com/advisories/GHSA-j5qj-rg5j-j7c2
reference_id GHSA-j5qj-rg5j-j7c2
reference_type
scores
url https://github.com/advisories/GHSA-j5qj-rg5j-j7c2
fixed_packages
0
url pkg:pypi/aim@3.25.1
purl pkg:pypi/aim@3.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48xs-6auv-93b7
1
vulnerability VCID-nh25-j9ac-p7gw
2
vulnerability VCID-rqgm-8gsj-qbeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.25.1
aliases CVE-2025-0189, GHSA-j5qj-rg5j-j7c2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4mr-cym9-qqak
6
url VCID-hbef-95hu-5bax
vulnerability_id VCID-hbef-95hu-5bax
summary A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12778
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.62785
published_at 2026-06-12T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62683
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12778
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12778
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12778
2
reference_url https://huntr.com/bounties/892a9eee-0251-4e57-94a4-dad2e7f32715
reference_id 892a9eee-0251-4e57-94a4-dad2e7f32715
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:52:12Z/
url https://huntr.com/bounties/892a9eee-0251-4e57-94a4-dad2e7f32715
3
reference_url https://github.com/advisories/GHSA-35p3-6j45-prwm
reference_id GHSA-35p3-6j45-prwm
reference_type
scores
url https://github.com/advisories/GHSA-35p3-6j45-prwm
fixed_packages
0
url pkg:pypi/aim@3.25.1
purl pkg:pypi/aim@3.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48xs-6auv-93b7
1
vulnerability VCID-nh25-j9ac-p7gw
2
vulnerability VCID-rqgm-8gsj-qbeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.25.1
aliases CVE-2024-12778, GHSA-35p3-6j45-prwm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbef-95hu-5bax
7
url VCID-jwp5-9u8a-3khc
vulnerability_id VCID-jwp5-9u8a-3khc
summary aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7760
reference_id
reference_type
scores
0
value 0.00229
scoring_system epss
scoring_elements 0.45916
published_at 2026-06-12T12:55:00Z
1
value 0.00229
scoring_system epss
scoring_elements 0.45771
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7760
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7760
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7760
2
reference_url https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229
reference_id 2038df5f-4829-4040-8573-67bf9bb89229
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:51:47Z/
url https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229
3
reference_url https://github.com/advisories/GHSA-38r9-3j52-h92v
reference_id GHSA-38r9-3j52-h92v
reference_type
scores
url https://github.com/advisories/GHSA-38r9-3j52-h92v
fixed_packages
0
url pkg:pypi/aim@3.23.0
purl pkg:pypi/aim@3.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-6v19-9ygv-7bfp
3
vulnerability VCID-e4mr-cym9-qqak
4
vulnerability VCID-hbef-95hu-5bax
5
vulnerability VCID-nh25-j9ac-p7gw
6
vulnerability VCID-qpcq-ejns-2ubs
7
vulnerability VCID-rqgm-8gsj-qbeg
8
vulnerability VCID-ub49-c2sj-qydy
9
vulnerability VCID-x38g-62wc-p3gf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.23.0
aliases CVE-2024-7760, GHSA-38r9-3j52-h92v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwp5-9u8a-3khc
8
url VCID-madg-fcb2-s7bx
vulnerability_id VCID-madg-fcb2-s7bx
summary A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6578
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.4645
published_at 2026-06-12T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46304
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6578
1
reference_url https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680
reference_id 5b1ebc67-5346-44aa-b8b8-3c1c09d79680
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T18:44:56Z/
url https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6578
reference_id CVE-2024-6578
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6578
3
reference_url https://github.com/advisories/GHSA-p9f2-jg9w-cx69
reference_id GHSA-p9f2-jg9w-cx69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9f2-jg9w-cx69
fixed_packages
0
url pkg:pypi/aim@3.20.1
purl pkg:pypi/aim@3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-6v19-9ygv-7bfp
3
vulnerability VCID-awv7-mwx7-1kbh
4
vulnerability VCID-e4mr-cym9-qqak
5
vulnerability VCID-hbef-95hu-5bax
6
vulnerability VCID-jwp5-9u8a-3khc
7
vulnerability VCID-nh25-j9ac-p7gw
8
vulnerability VCID-pyzv-9qst-eucm
9
vulnerability VCID-qpcq-ejns-2ubs
10
vulnerability VCID-rqgm-8gsj-qbeg
11
vulnerability VCID-ub49-c2sj-qydy
12
vulnerability VCID-x38g-62wc-p3gf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.20.1
aliases CVE-2024-6578, GHSA-p9f2-jg9w-cx69
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-madg-fcb2-s7bx
9
url VCID-pyzv-9qst-eucm
vulnerability_id VCID-pyzv-9qst-eucm
summary In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6851
reference_id
reference_type
scores
0
value 0.01241
scoring_system epss
scoring_elements 0.79739
published_at 2026-06-12T12:55:00Z
1
value 0.01241
scoring_system epss
scoring_elements 0.79674
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6851
1
reference_url https://github.com/aimhubio/aim/blob/88ac143708fad8737094b74e9e5b25689d18f1a6/aim/sdk/reporter/file_manager.py#L44
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/blob/88ac143708fad8737094b74e9e5b25689d18f1a6/aim/sdk/reporter/file_manager.py#L44
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6851
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6851
3
reference_url https://huntr.com/bounties/839703fb-23b7-4dc4-ae81-44cd4740d3f3
reference_id 839703fb-23b7-4dc4-ae81-44cd4740d3f3
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:52:40Z/
url https://huntr.com/bounties/839703fb-23b7-4dc4-ae81-44cd4740d3f3
4
reference_url https://github.com/advisories/GHSA-mrvr-7493-pfq3
reference_id GHSA-mrvr-7493-pfq3
reference_type
scores
url https://github.com/advisories/GHSA-mrvr-7493-pfq3
fixed_packages
0
url pkg:pypi/aim@3.23.0
purl pkg:pypi/aim@3.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-6v19-9ygv-7bfp
3
vulnerability VCID-e4mr-cym9-qqak
4
vulnerability VCID-hbef-95hu-5bax
5
vulnerability VCID-nh25-j9ac-p7gw
6
vulnerability VCID-qpcq-ejns-2ubs
7
vulnerability VCID-rqgm-8gsj-qbeg
8
vulnerability VCID-ub49-c2sj-qydy
9
vulnerability VCID-x38g-62wc-p3gf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.23.0
aliases CVE-2024-6851, GHSA-mrvr-7493-pfq3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pyzv-9qst-eucm
10
url VCID-q7eu-n29k-k7ch
vulnerability_id VCID-q7eu-n29k-k7ch
summary Arbitrary file reading vulnerability in Aim
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43775
reference_id
reference_type
scores
0
value 0.00447
scoring_system epss
scoring_elements 0.6405
published_at 2026-06-12T12:55:00Z
1
value 0.00447
scoring_system epss
scoring_elements 0.63947
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43775
1
reference_url https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16
2
reference_url https://github.com/aimhubio/aim/commit/b9e53df5e32d14bbd3a2c738e2db7187fb531e93
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/commit/b9e53df5e32d14bbd3a2c738e2db7187fb531e93
3
reference_url https://github.com/aimhubio/aim/issues/999
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/issues/999
4
reference_url https://github.com/aimhubio/aim/pull/1003
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/pull/1003
5
reference_url https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738
reference_id
reference_type
scores
url https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aim/PYSEC-2021-839.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aim/PYSEC-2021-839.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43775
reference_id CVE-2021-43775
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43775
8
reference_url https://github.com/advisories/GHSA-8phj-f9w2-cjcc
reference_id GHSA-8phj-f9w2-cjcc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8phj-f9w2-cjcc
9
reference_url https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc
reference_id GHSA-8phj-f9w2-cjcc
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc
fixed_packages
0
url pkg:pypi/aim@3.1.0
purl pkg:pypi/aim@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-58xu-5k13-7bgt
3
vulnerability VCID-6v19-9ygv-7bfp
4
vulnerability VCID-awv7-mwx7-1kbh
5
vulnerability VCID-c53e-ajc2-b7as
6
vulnerability VCID-e4mr-cym9-qqak
7
vulnerability VCID-hbef-95hu-5bax
8
vulnerability VCID-jwp5-9u8a-3khc
9
vulnerability VCID-madg-fcb2-s7bx
10
vulnerability VCID-pyzv-9qst-eucm
11
vulnerability VCID-qpcq-ejns-2ubs
12
vulnerability VCID-rqgm-8gsj-qbeg
13
vulnerability VCID-wuev-hga2-pbbf
14
vulnerability VCID-wuq7-ug49-7qd9
15
vulnerability VCID-x38g-62wc-p3gf
16
vulnerability VCID-xp81-d9at-3ke4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.1.0
aliases CVE-2021-43775, GHSA-8phj-f9w2-cjcc, PYSEC-2021-839
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7eu-n29k-k7ch
11
url VCID-qpcq-ejns-2ubs
vulnerability_id VCID-qpcq-ejns-2ubs
summary In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0190
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63831
published_at 2026-06-12T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.63729
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0190
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0190
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0190
2
reference_url https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70
reference_id 38d151f1-abb4-443a-86b0-6c26f0c6cb70
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:55:00Z/
url https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70
3
reference_url https://github.com/advisories/GHSA-fm93-g6xp-35xq
reference_id GHSA-fm93-g6xp-35xq
reference_type
scores
url https://github.com/advisories/GHSA-fm93-g6xp-35xq
fixed_packages
0
url pkg:pypi/aim@3.25.1
purl pkg:pypi/aim@3.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48xs-6auv-93b7
1
vulnerability VCID-nh25-j9ac-p7gw
2
vulnerability VCID-rqgm-8gsj-qbeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.25.1
aliases CVE-2025-0190, GHSA-fm93-g6xp-35xq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpcq-ejns-2ubs
12
url VCID-rqgm-8gsj-qbeg
vulnerability_id VCID-rqgm-8gsj-qbeg
summary Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox restrictions prevent JavaScript execution via pyodide.code.run_js().
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-51464
reference_id
reference_type
scores
0
value 0.01878
scoring_system epss
scoring_elements 0.83544
published_at 2026-06-11T12:55:00Z
1
value 0.01878
scoring_system epss
scoring_elements 0.83603
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-51464
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-51464
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-51464
2
reference_url https://github.com/aimhubio/aim/pull/3333
reference_id 3333
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T18:15:49Z/
url https://github.com/aimhubio/aim/pull/3333
3
reference_url https://github.com/aimhubio/aim
reference_id aim
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T18:15:49Z/
url https://github.com/aimhubio/aim
4
reference_url https://www.gecko.security/blog/cve-2025-51464
reference_id cve-2025-51464
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T18:15:49Z/
url https://www.gecko.security/blog/cve-2025-51464
5
reference_url https://github.com/advisories/GHSA-gmvv-rj92-9w35
reference_id GHSA-gmvv-rj92-9w35
reference_type
scores
url https://github.com/advisories/GHSA-gmvv-rj92-9w35
fixed_packages
0
url pkg:pypi/aim@4.0.0.dev6
purl pkg:pypi/aim@4.0.0.dev6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@4.0.0.dev6
aliases CVE-2025-51464, GHSA-gmvv-rj92-9w35
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqgm-8gsj-qbeg
13
url VCID-wuq7-ug49-7qd9
vulnerability_id VCID-wuq7-ug49-7qd9
summary A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6483
reference_id
reference_type
scores
0
value 0.00659
scoring_system epss
scoring_elements 0.71635
published_at 2026-06-12T12:55:00Z
1
value 0.00659
scoring_system epss
scoring_elements 0.7155
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6483
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6483
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6483
2
reference_url https://huntr.com/bounties/dc45d480-e579-4af4-8603-c52ecfd5e363
reference_id dc45d480-e579-4af4-8603-c52ecfd5e363
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:53:32Z/
url https://huntr.com/bounties/dc45d480-e579-4af4-8603-c52ecfd5e363
3
reference_url https://github.com/advisories/GHSA-p6x3-v6g3-7557
reference_id GHSA-p6x3-v6g3-7557
reference_type
scores
url https://github.com/advisories/GHSA-p6x3-v6g3-7557
fixed_packages
0
url pkg:pypi/aim@3.20.1
purl pkg:pypi/aim@3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-6v19-9ygv-7bfp
3
vulnerability VCID-awv7-mwx7-1kbh
4
vulnerability VCID-e4mr-cym9-qqak
5
vulnerability VCID-hbef-95hu-5bax
6
vulnerability VCID-jwp5-9u8a-3khc
7
vulnerability VCID-nh25-j9ac-p7gw
8
vulnerability VCID-pyzv-9qst-eucm
9
vulnerability VCID-qpcq-ejns-2ubs
10
vulnerability VCID-rqgm-8gsj-qbeg
11
vulnerability VCID-ub49-c2sj-qydy
12
vulnerability VCID-x38g-62wc-p3gf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.20.1
aliases CVE-2024-6483, GHSA-p6x3-v6g3-7557
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuq7-ug49-7qd9
14
url VCID-x38g-62wc-p3gf
vulnerability_id VCID-x38g-62wc-p3gf
summary A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8863
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.32572
published_at 2026-06-11T12:55:00Z
1
value 0.00134
scoring_system epss
scoring_elements 0.32754
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8863
1
reference_url https://vuldb.com/?ctiid.277500
reference_id ?ctiid.277500
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:12:24Z/
url https://vuldb.com/?ctiid.277500
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8863
reference_id CVE-2024-8863
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8863
3
reference_url https://github.com/advisories/GHSA-pmhg-f7wc-c97m
reference_id GHSA-pmhg-f7wc-c97m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pmhg-f7wc-c97m
4
reference_url https://vuldb.com/?id.277500
reference_id ?id.277500
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:12:24Z/
url https://vuldb.com/?id.277500
5
reference_url https://rumbling-slice-eb0.notion.site/Stored-XSS-through-TEXT-EXPLORER-in-aimhubio-aim-d0f07b7194724950a673498546d80d43?pvs=4
reference_id Stored-XSS-through-TEXT-EXPLORER-in-aimhubio-aim-d0f07b7194724950a673498546d80d43?pvs=4
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:12:24Z/
url https://rumbling-slice-eb0.notion.site/Stored-XSS-through-TEXT-EXPLORER-in-aimhubio-aim-d0f07b7194724950a673498546d80d43?pvs=4
6
reference_url https://vuldb.com/?submit.403203
reference_id ?submit.403203
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:12:24Z/
url https://vuldb.com/?submit.403203
fixed_packages
0
url pkg:pypi/aim@4.0.0.dev6
purl pkg:pypi/aim@4.0.0.dev6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@4.0.0.dev6
aliases CVE-2024-8863, GHSA-pmhg-f7wc-c97m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x38g-62wc-p3gf
15
url VCID-xp81-d9at-3ke4
vulnerability_id VCID-xp81-d9at-3ke4
summary aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2196
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.68014
published_at 2026-06-12T12:55:00Z
1
value 0.00536
scoring_system epss
scoring_elements 0.67925
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2196
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2196
reference_id CVE-2024-2196
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-2196
2
reference_url https://huntr.com/bounties/e141e3f2-afbb-405f-a891-f66628c8b68f
reference_id e141e3f2-afbb-405f-a891-f66628c8b68f
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-31T14:42:05Z/
url https://huntr.com/bounties/e141e3f2-afbb-405f-a891-f66628c8b68f
3
reference_url https://github.com/advisories/GHSA-99w2-67h8-5948
reference_id GHSA-99w2-67h8-5948
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99w2-67h8-5948
fixed_packages
0
url pkg:pypi/aim@3.18.0.dev2
purl pkg:pypi/aim@3.18.0.dev2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43ch-vxyt-kbfv
1
vulnerability VCID-48xs-6auv-93b7
2
vulnerability VCID-58xu-5k13-7bgt
3
vulnerability VCID-6v19-9ygv-7bfp
4
vulnerability VCID-awv7-mwx7-1kbh
5
vulnerability VCID-c53e-ajc2-b7as
6
vulnerability VCID-e4mr-cym9-qqak
7
vulnerability VCID-hbef-95hu-5bax
8
vulnerability VCID-jwp5-9u8a-3khc
9
vulnerability VCID-madg-fcb2-s7bx
10
vulnerability VCID-nh25-j9ac-p7gw
11
vulnerability VCID-pyzv-9qst-eucm
12
vulnerability VCID-qpcq-ejns-2ubs
13
vulnerability VCID-rqgm-8gsj-qbeg
14
vulnerability VCID-ub49-c2sj-qydy
15
vulnerability VCID-wuev-hga2-pbbf
16
vulnerability VCID-wuq7-ug49-7qd9
17
vulnerability VCID-x38g-62wc-p3gf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aim@3.18.0.dev2
aliases CVE-2024-2196, GHSA-99w2-67h8-5948
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xp81-d9at-3ke4
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/aim@2.1.1